HP Integrity iLO 2 Operations Guide
Table Of Contents
- HP Integrity iLO 2 Operations Guide
- Contents
- About This Document
- 1 Introduction to iLO 2
- Features
- Standard Features
- Always-On Capability
- Virtual Front Panel
- Multiple Access Methods
- Security
- User Access Control
- Multiple Users
- IPMI over LAN
- System Management Homepage
- Firmware Upgrades
- Internal Subsystem Information
- DHCP and DNS Support
- Group Actions
- Group Actions Using HP SIM
- SNMP
- SMASH
- SM CLP
- Mirrored Console
- Remote Power Control
- Power Regulation
- Event Logging
- Advanced Features
- Standard Features
- Obtaining and Activating iLO 2 Advanced Pack Licensing
- Supported Systems and Required Components and Cables
- Integrity iLO 2 Supported Browsers and Client Operating Systems
- Security
- Features
- 2 Ports and LEDs
- 3 Getting Connected to iLO 2
- 4 Logging In to iLO 2
- 5 Adding Advanced Features
- Lights-Out Advanced KVM Card for sx2000 Servers
- Lights-Out Advanced KVM card Requirements
- Configuring the Lights-Out Advanced KVM Card
- Lights-Out Advanced KVM Card IRC Feature
- Lights-Out Advanced KVM Card vMedia Feature
- Installing the Lights-Out Advanced KVM Card in a Server
- Lights-Out Advanced KVM Card Quick Setup Steps
- Using Lights-Out Advanced KVM Features
- Mid Range PCI Backplane Power Behavior
- Troubleshooting the Lights-Out Advanced KVM Card
- Core I/O Card Configurations
- Supported PCI-X Slots
- Upgrading the Lights-Out Advanced KVM Card Firmware
- Lights-Out Advanced KVM Card for sx2000 Servers
- 6 Accessing the Host (Operating System) Console
- 7 Configuring DHCP, DNS, LDAP, and Schema-Free LDAP
- 8 Using iLO 2
- Text User Interface
- MP Command Interfaces
- MP Main Menu
- MP Main Menu Commands
- CO (Console): Leave the MP Main Menu and enter console mode
- VFP (Virtual Front Panel): Simulate the display panel
- CM (Command Mode): Enter command mode
- SMCLP (Server Management Command Line Protocol): Switch to the SMASH SMCLP
- CL (Console Log): View the history of the console output
- SL (Show Logs): View events in the log history
- HE (Help): Display help for the menu or command in the MP Main Menu
- X (Exit): Exit iLO 2
- MP Main Menu Commands
- Command Menu
- Command Line Interface Scripting
- Command Menu Commands and Standard Command Line Scripting Syntax
- BP: Reset BMC passwords
- BLADE: Display BLADE parameters
- CA: Configure asynchronous local serial port
- DATE: Display date
- DC (Default Configuration): Reset all parameters to default configurations
- DF: Display FRU information
- DI: Disconnect LAN, WEB, SSH, or Console
- DNS: DNS settings
- FW: Upgrade the MP firmware
- HE: Display help for menu or command in command menu interface
- ID: System information settings
- IT: Inactivity timeout settings
- LC: LAN configuration usage
- LDAP: LDAP directory settings
- LM: License management
- LOC: Locator UID LED configuration
- LS: LAN status
- PC: Power control access
- PM: Power regulator mode
- PR: Power restore policy configuration
- PS: Power status
- RB: Reset BMC
- RS: Reset system through the RST signal
- SA: Set access LAN/WEB/SSH/IPMI over LAN ports
- SNMP: Configure SNMP parameters
- SO: Security option help
- SS: System Status
- SYSREV: Firmware revisions
- TC: System reset through INIT or TOC signal
- TE: Send a message to other mirroring terminals
- UC: User Configuration (users, passwords, and so on)
- WHO: Display a list of iLO 2 connected users
- XD: iLO 2 Diagnostics or reset
- Web GUI
- System Status
- Remote Serial Console
- Integrated Remote Console
- Virtual Media
- Power Management
- Administration
- BL c-Class
- Help
- SMASH Server Management Command Line Protocol
- SM CLP Features and Functionality Overview
- Accessing the SM CLP Interface
- Using the SM CLP Interface
- SM CLP Syntax
- System1 Target
- System Reset Power Status and Power Control
- Map1 (iLO 2) Target
- Text Console Services
- Firmware Revision Display and Upgrade
- Remote Access Configuration
- Network Configuration
- User Accounts Configuration
- LDAP Configuration
- Text User Interface
- 9 Installing and Configuring Directory Services
- Directory Services
- Directory Services for Active Directory
- Directory Services for eDirectory
- Installing and Initializing Snap-In for eDirectory
- Example: Creating and Configuring Directory Objects for Use with iLO 2 Devices in eDirectory
- Directory Services Objects for eDirectory
- Setting Role Restrictions
- Setting Time Restrictions
- Setting Lights-Out Management Device Rights
- Installing Snap-Ins and Extending Schema for eDirectory on a Linux Platform
- Using the LDAP Command to Configure Directory Settings in iLO 2
- User Login Using Directory Services
- Certificate Services
- Directory-Enabled Remote Management
- Directory Services Schema (LDAP)
- Glossary
- Index
To configure LDAP extended schema:
1. From the MP Main Menu, enter command mode.
2. At the MP:CM> prompt, enter LDAP.
3. To select Directory Settings, enter D. The current LDAP directory settings appear.
4. To select all parameters enter A. The current LDAP directory authentication status appears.
The local iLO 2 user accounts database status also appears. If enabled, the local iLO 2 user
database is used if there is an authentication failure using the LDAP Directory.
5. Enter D for disabled, or E for enabled. You must enter E if LDAP directory authentication is
disabled. The current LDAP server IP address appears.
6. Enter the IP address of the LDAP server. The current LDAP server port address appears.
7. Enter a new port number. The screen displays the current object distinguished name. This
specifies the full distinguished name of the iLO 2 device object in the directory service. For
example, CN=RILOE2OBJECT, CN=Users, DC=HP, DC=com. Distinguished names are
limited to 255 characters maximum plus one for the NULL terminator character.
8. Enter a new name. The Current User Search Context 1 appears.
9. Enter a new search setting. The Current User Search Context 2 appears.
NOTE: The context settings 1, 2, and 3 point to areas in the directory service where users
are located, so that users do not have to enter the complete tree structure when logging in.
For example, CN=Users, DC=HP, DC=com. Directory user contexts are limited to 127
characters maximum plus one for the NULL terminator character for each directory user context.
10. Enter a new search setting. The screen displays the Current User Search Context 3.
11. When prompted, enter a new search setting.
The updated LDAP configuration is as follows:
New Directory Configuration (* modified values):
* L - LDAP Directory Authentication : Enabled
M - Local MP User database : Enabled
* I - Directory Server IP Address : 192.0.2.1
P - Directory Server LDAP Port : 636
D - Distinguished Name (DN) : cn=mp,o=demo
1 - User Search Context 1 : o=mp
2 - User Search Context 2 : o=demo
3 - User Search Context 3 : o=test
Enter Parameter(s) to revise, Y to confirm, or [Q] to Quit: y
-> LDAP Configuration has been updated
Login Process Using Directory Services with Extended LDAP
You can choose to enable directory services to authenticate users and authorize user privileges
for groups of iLO 2s. The iLO 2 directory services feature uses the industry-standard LDAP. HP
layers LDAP on top of SSL to transmit the directory services information securely to the directory
servers. More information about using iLO with directory services is available from the HP website
at:
http://h20000.www2.hp.com/bc/docs/support/SupportManual/c00190541/c00190541.pdf?
jumpid=reg_R1002_USEN
HP provides a tool for Active Directory support of HP management processors. This tool,
HPQLOMIG.exe, is part of HP Directories Support for Management Processors softpaq
(SP31581.exe). It assists with installing the schema and snap-ins needed for Active Directory to
work with iLO 2 products including Integrity iLO 2. This is for set up and management. It will not
do automatic migration for you. For Integrity iLO 2, you must manually add iLO 2 objects to the
66 Configuring DHCP, DNS, LDAP, and Schema-Free LDAP